AWS Identity and Access Management (IAM) now offers three new global condition keys that will make it easier for you to establish a network perimeter. The new condition keys – aws:VpceAccount, aws:VpceOrgPaths, and aws:VpceOrgID – help you ensure that requests to your AWS resources or by your identities are made through your VPC endpoints.
The condition keys provide you with varied levels of granularity, enabling you to implement your network perimeter controls at an account, organization path, and entire organization level. The controls automatically scale with your VPC usage, eliminating the need to enumerate VPC endpoints or update policies as you add or remove them. You can use these condition keys with both new and existing service control policies (SCPs), resource control policies (RCPs), resource-based policies, and identity-based policies.
The condition keys are supported for a select set of AWS services and are available in all commercial AWS Regions where those services support AWS PrivateLink.
To learn more about these new condition keys and supported services, please visit the AWS IAM documentation and AWS blog.
Categories: general:products/aws-iam,marketing:marchitecture/security-identity-and-compliance
Source: Amazon Web Services
Latest Posts
- Chat history landing page: Filtering UI refresh [MC1200572]
- Teams admin center: Auto‑updates for Teams Android device firmware and apps will be paused during year‑end holidays [MC1200581]
- OpenAI’s GPT-Image-1.5 model is now available in Microsoft 365 Copilot [MC1200577]
- Teams admin center: Messaging safety defaults changing to “On” by default [MC1200576]
